Failed again ISSMP 23rd September
I think the heading says it all; original post is here:
http://www.techexams.net/forums/isc-sscp-cissp/127716-failing-cissp-issmp-exam-24th-june-17-a.html
Marks this time 619. Last was 564. Improvement, but at a cost of $1400 on study material. I'm a real loser. I need you guys' help to clear up the confusion. I have used 600+ CISM exam questions,
link here:
https://www.exam-labs.com/exam/CISM?viewall=1
but the confusion remains. For example:
1) When a vulnerability is found, should the security officer first report it to IT management or assess the likelihood? In my opinion there is no point in going to management if you don't have the impact analysis done.
2) On ethics: if a former employee is contacted, should he help the new employer answer personal questions, or put the questions to the other department and decline the request?
3) Are controls there to provide acceptable ranges or parameters, or are they there to determine assessment requirements? Acceptable ranges, that's where standards exist? But I can be wrong, any suggestions?
4) Can a security manager in any case have risk acceptance authority?
5) Is operational security best ensured via security controls in terms of policies that are embedded in approved documentation, or by operational security guidelines being present, to be audited annually? My view: if they are not documented they are never audited?
6) If an auditor is facing resistance from internal teams, should he ask the security manager to have their liaison ensure that the audit checklist is forwarded and communicated between the auditor and the target team?
My weakness is leadership, ethics and governance according to the exam results. What can I do?
7) If some organization tells me about the type of business they are in, and informs me their business suffers no risk, and in discussion I can pick out an area, e.g. integrity, where the risk applies, should I recommend the risky area or suggest a full risk assessment? Also, there is no budget concern raised by the organization's management; which approach should I follow?
Comments
I've tried to contact you through the forum but I couldn't.
I'm taking the ISSMP next Tuesday.
I've read the CBK and was pretty confident until I read about your journey and especially your opinion on the CBK content being not helpful at all during the exam.
I've passed the CISM recently; I'm counting on what I've read on this forum about the similarities in content.
I know we can't talk much about the exam content, but can you give some examples of topics that you now think should've been included in the CBK?